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DETAILED ACTION 

1. Claims 1-20 have been examined. 

Priority 

2. Foreign priority has been claimed in this application. 

3. Acknowledgment is made of applicant's claim for foreign priority based on an 
application filed in Japan on 04/25/2001 . 

Specification 

4. The disclosure is objected to because of lack of consistency. The specification uses 
drawings to illustrate the invention. Fig. 2- 5 are explicitly discussed in relation to the 
invention's. However, there is no mention of Fig. 1 even though objects of Fig. 1 
seem to be addressed. 

Appropriate correction is required. 

Claim Objections 

5. The phrase "an interface creating step of creating interfaces for the manager if said 
certifying step succeeds the certification of the second manager password and the 
second password succeeds" in claim 9 introduces unnecessary confusion and 
should be rewritten. 

6. "The management object" is a singular noun and as a result the verb "creates" 
instead of "create" should follow. 

7. In multiple claims applicant uses word "certify" but the specification indicates that 
applicant refers to the authentication process (e.g. the specification, pg. 8). The 
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term "certification" has a special meaning in the art and it should not be used as a 
substitute for authentication. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

8. Claims 1-20 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter, 
that applicant regards as the invention. 

9. "The second password" in claims 1 , 9 and 17 lacks antecedent basis. 

1 0. Claims 1 , 9 and 1 7 address certification of a second manager ID and a second 
manager password but in the second part of the claim the certification is addressed 
to the second manager password and the second password . The claim limitation is 
not understood. 

1 1 . Claims 1 and 17 recite: "a management object for controlling a request from a 
manager which manages a data file to be accessed by a user". It is unclear whether 
it is the management object or the manager that manages a data file to be accessed 
by a user. 

The term is treated as though the management was designated to the management 
object. 

12. Claim 1 recites: "said management object certifying a second managerlD and a 
second manager password received from the manager, in accordance with a first ID 
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and a first password stored beforehand" and it is followed by claim 3 that states: "a 
corresponding cipher key to the manager certified by the second managerlD and the 
second password". It appears that claim 1 names "the second managerlD" and "the 
second manager password" as subject of the certification wherein claim 3 names 
"the manager" as the object of the certification. 

As a result "the certified manager" (the last line in claim 1 ) lacks antecedent basis. 
For purposes of further examination the phrase is understood that certification of the 
second managerlD and the second manager password is equivalent to the 
certification of the manager. 

1 3. Claims 9, 11,17 and 1 9 pose the same issue and as a result they are similarly 
interpreted. 

14. Claims 1 and 17 suggest that "the certified manager" is permitted an access. 
However, it is not clear whether the access is directed towards files, interfaces or 
something else. 

15. Claims 4, 12 and 20 (as best understood) raise antecedent basis issues. The claim 
language directs certification towards "another manager ID" and "another password" 
but uses the phrase "the certified other manager", as though "the manager" was the 
subject of the certification. Furthermore since "another" is used as a noun reciting 
"the certified other manager", it introduces unnecessary confusion. 

16. Claims 5 and 13 are not understood. The sentences are not grammatically correct 
and as a result the limitations are not clear. For purposes of further examination an 
attempt at the best interpretation is made but the limitations must be clarified. 
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17. Furthermore claim 5 and 13 introduce the notion of functions that are performing no 
steps: "a function of not creating the interfaces". The limitation should specify what 
invention components do rather what they don't. 

18. Claims 2, 5-8, 10, 13-16, 18 are rejected by the virtue of their dependence. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

19. Claims 9 and 16 are rejected under 35 U.S.C. 102(e) as being anticipated by Harter 
et ai (U. S. Patent No. 6212564). 

20. Harter et a/, teach a step wherein a servlet running on the server receives the 
request for the applet launcher page based on the user identifier, password and 
device type. The servlet validates the user identifier and password and if they are 
valid the servlet generates or selects the applet launcher HTML page, which is 
optimal for the requested device. The servlet then returns the applet launcher page 
to the client (Fig, 2 and col. 4 lines 14-22). This reads on a certifying step of 
certifying a second manager ID and a second password received from a manager, in 
accordance with a first ID and a first password stored beforehand; an interface 
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creating step of creating interfaces for the manager if said certifying step succeeds 
the certification of the second manager password and the second password 
succeeds. 

21 . Col. 3 line 52 - col. 4 line 1 3 reads on the limitation of claim 1 6. 

22. Claims 1-2, 4, 8-10, 12, 16-18 and 20 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Huang (U.S. Patent No. 6192361). 

23. As per claims 9 and 16 Huang teaches steps of a browser on a remote computer 
accessing remote server, the remote server providing the remote computer with java 
applet that is used to communicate ID and password to the system manager; system 
security manager verifying user id and password against database of IDs and 
passwords, and if id and password are valid GUI Launcher is launched (Fig. 2 and 
col. 7 lines 9-24). 

Furthermore Huang teaches System Management Interface (56) and Servers (60), 
in conjunction with the GUI Launcher (8) that permits users to access and 
communicate with the system (230) (Fig. 1 and col. 8 line 34- col. 9 line 6). 
This reads on a certifying step of certifying a second manager ID and a second 
password received from a manager, in accordance with a first ID and a first 
password stored beforehand; an interface creating step of creating interfaces for the 
manager if said certifying step succeeds the certification of the second manager 
password and the second password succeeds and on transmitting a Java applet 
program from a Java virtual machine to the manager in response to a request from 
the manager. 
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24. As per claims 1-2, 4, 10, 12, 17-18, 20 Huang teaches that the system is used by 
multiple users (col. 2 lines 38-42, col. 6 liens 13-15, etc.), and that when the remote 
computer terminates the logon session the remote computer does not retain java 
applet (col. 7 lines 59-65) and that interfaces expire after a predetermined time 
(col. 15 lines 43). 

25. Claim 8 is substantially equivalent to claim 16; therefore claim 8 is similarly rejected. 

26. Claims 9 and 16 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Moshfeghi (U. S. Patent No. 6476833). 

27. Moshfeghi teaches a user entering authentication information (a user ID and a 
password). The application then authenticates the user and the user's access rights 
by, for example, invoking authentication methods on tier 2 servers which access 
information in the user directory and compare it to entered authenticating 
information. After authentication, user profile records are loaded to the memory of 
the end-user device. The application then displays a window configured according to 
directions in the loaded user profile records and the user commences application 
interaction with the application specific controls. 

This reads on a certifying step of certifying a second manager ID and a second 
password received from a manager, in accordance with a first ID and a first 
password stored beforehand; an interface creating step of creating interfaces for the 
manager if said certifying step succeeds the certification of the second manager 
password and the second password succeeds (col. 12 line 58 - col. 13 line 15). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

28. Claims 1-2, 4, 8, 10, 12, 17-18 and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Harter et al. (U.S. Patent No. 6212564) in view of Howell et al. 
(U.S. Patent No. 5450593). 

29. As per claims 1 and 17 Harter et al. teach creating interfaces by the management 
object permitting an access to files as discussed above. 

Harter et al. do not explicitly teach the interfaces to be expired after a predetermined 
time. However, the importance of revoking of access after some predetermined time 
is well known in the.art. For example, Stallings teach access revocation after 
predetermined time and provides a motivation for implementing such a measure 
(Stalling, pg. 328). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to expire the interfaces after a predetermined time as taught by Stallings. 
One of ordinary skill in the art would have been motivated to perform such a 
modification in order to increase system's security. 

30. As per claims 2, 10 and 18 Harter et al. do not explicitly teach the interfaces to be 
expired after a received log-out. 
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Official Notice is taken that it is old and well-known practice to expire (the access) 
interfaces after a log-out has been received (e.g. Web session log-out finishes the 
session). One of ordinary skill in the art at the time of applicant's invention would 
expire interfaces after a log-out has been received in order to prevent any potential 
attacks or an unauthorized access. 

31 . Limitations of claims 4, 12 and 20 are implicit. A storage management should be 
able to handle many requests. 

32. Col. 3 line 52 - col. 4 line 1 3 reads on the limitation of claim 8. 

33. Claims 3, 11 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Harter et al. (U.S. Patent No. 6212564) in view of Howell et al. (U.S. Patent No. 
5450593) and in further view Stein (Lincoln D. Stein, "Web Security, a step-by -step 
reference guide", 1998, ISBN: 0201634899). 

34. Harter et al. in view of Howell et al. teach the manager accessing the interfaces 
received from the management object as discussed above. 

Harter et al. in view of Howell et al. do not teach that the management object 
transmits a corresponding cipher key to the manager certified by the second 
managerlD and the second password, and the manager accesses the interfaces by 
using the cipher key. 

Stein teaches a cipher key exchange to secure a session and communication parties 
communicating in encrypted mode (Stein, Fig. 3.2 and pg. 41-42). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's invention to 
configure the management object to transmit a corresponding cipher key to the 
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manager certified by the second managerlD and the second password (exchange 
cipher keys), and the manager accesses the interfaces by using the cipher key 
(switch into encrypted mode) as taught by Stein. One of ordinary skill in the art 
would have been motivated to perform such a modification in order to ensure data 
confidentiality. 

35. Claims 5 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Harter et a\. (U. S. Patent No. 6212564) in view of Howell et al. (U. S. Patent No. 
5450593) and in further view of Ludwig et al. (U.S. Pub. 20020198829). 

36. Harter et al. in view of Howell et al. teach creating interfaces by the management 
object by permitting an access to files as discussed above. 

Harter et al. in view of Howell et al. do not teach not creating the interfaces if a non- 
use period from the most recent log-out of the manager exceeds a predetermined 
period when the second manager ID and the second password are certified. : 
Ludwig et al. teach disabling accounts after a predetermined time of inactivity 
(Ludwig et al. [51]), which reads on not creating the interfaces if a non-use period 
from the most recent log-out of the manager exceeds a predetermined period when 
the second manager ID and the second password are certified. 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to not create the interfaces if a non-use period from the most recent log-out 
of the manager exceeds a predetermined period when the second manager ID and 
the second password are certified as taught by Ludwig et al. One of ordinary skill in 
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the art would have been motivated to perform such a modification in order to 
maintain the system's security. 

37. Claims 1-2, 6, 10, 14 and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Moshfeghi (U.S. Patent No. 6476833) in view of Stein (Lincoln D. 
Stein, "Web Security, a step-by -step reference guide", 1998, ISBN: 0201634899). 

38. Moshfeghi teaches the manager accessing the interfaces received from the 
management object as discussed above. 

As per claims 1 and 17 Moshfeghi does not explicitly teach the interfaces to be 
expired after a predetermined time. However, the importance of revoking of access 
after some predetermined time is well known in the art. For example, Stallings 
teaches access revocation after a predetermined time and provides a motivation for 
implementing such a measure (Stalling, pg. 328). 

39. It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to expire the interfaces after a predetermined time as taught by Stallings. 
One of ordinary skill in the art would have been motivated to perform such a 
modification in order to increase the system's security 

40. As per claims 6 and 14 Moshfeghi teaches that information exchange utilizes RM I 
(col. 5 lines 21-31). Furthermore Moshfeghi teaches that requests from the client 
applications to the business-server objects are intercepted by access decision 
facility, which checks whether the requesting user, who has the particular access 
control information stored in the user directory, is authorized to access the 
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information requested in view of the access control policies stored in the access 
control policy database (col. 8 lines 58-65). 

This reads on an information file from storing a plurality of functions of a RMI and a 
plurality of flags for defining which manager is permitted to use which function. 

41. As per claims 2 and 10 Moshfeghi teaches logoff functionality (col. 13 lines 36-37). 

42. Claims 7 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Moshfeghi (U.S. Patent No. 6476833) in view of Stein (Lincoln D. Stein, "Web 
Security, a step-by -step reference guide", 1998, ISBN: 0201634899) and in further 
view of Cabrera et al. (U.S. Patent No. 6029160). 

43. Moshfeghi and Stein teach a system as discussed above. 

Moshfeghi and Stein do not teach implementing a flag for temporarily stopping the 
use of the created interfaces in response to a maintenance request. 
Cabrera et al. teach implementing implement a flag for temporarily stopping the use 
of objects in response to maintenance (Cabrera et al. col. 6 lines 39-43). 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implementing a flag for temporarily stopping the use of the created 
interfaces in response to a maintenance request as taught by Cabrera et al. One of 
ordinary skill in the art would have been motivated to perform such a modification in 
order to prevent any undesirable effects of accessing objects under maintenance. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is 
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(571 )272-3840. The examiner can normally be reached Monday through Thursday 
from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571 ) 272-3838. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 






